Failed to authenticate request due to: The user id does not match the public key

I’m like this :ok_hand:t5: close to successfully sending an ECDSA signed HTTPS request completely within a motoko project. I get the feeling that this error is the last one to resolve before it works :crossed_fingers:t5:. I placed the error that I’m receiving below:

the self authenticating principal that I’m using doesn’t match the principal that is supposed to be used when signing the request. Currently, the way that I’m deriving the self authenticating principal is by using the SEC1 encoded public key that is retrieved from the ecdsa_public_key function within the manager canister interface. I decompress the SEC1 encoded public key such that the result takes on the format: <1-byte-long prefix><32-bytes-long X> <32-bytes-long Y> .

I then take the decompressed form of the public key, run it through a SHA224 hash, and then I append the [0x02] byte to the end of the decompressed public key’s hash. Below, I’ve place the function that I use in order to generate the self authenticating principal from the decompressed public key.

My question is: what exactly should be used to generate a self authenticating principal that can be used to sign a request?

the function I use to generate the self authenticating principal:

public func getSelfAuthenticatingPrincipal(public_key: Blob): { principalAsBlob : Blob } {
    let hash = SHA224.sha224(Blob.toArray(public_key));
    let tag : [Nat8] = [0x02];
    { principalAsBlob = Blob.fromArray(Array.append(hash, tag)) };

The Error message that I’m receiving:

  record {
    status = 403 : nat;
    body = opt "Failed to authenticate request 0xef...2de due to: The user id k2knv-...-rqe does not match the public key 3056301006072a8648ce3d020106052b8104000a034200040daaf4f84db538c64bd542a738e4db78b9a206e9d82cd4fc5cbad3c392a264";
    headers = vec { record { value = "application/cbor"; name = "content-type" } };
1 Like

To resolve this issue, I needed to create the self-authenticating principal using the DER formatted version of the key. which is achieved by prepending the following Blob to the decompressed public key:

let pre_string : Blob = "\30\56\30\10\06\07\2a\86\48\ce\3d\02\01\06\05\2b\81\04\00\0a\03\42\00"